Review Authentication Identifying Users How to identify users to the system CS162 Operating Systems and Systems Programming Lecture 26 Passwords Shared secret between two parties Since only user knows password someone types correct password must be user typing it Very common technique Smart Cards Protection and Security in Distributed Systems II Electronics embedded in card capable of providing long passwords or satisfying challenge response queries May have display to allow reading of password Or can be plugged in directly several credit cards now in this category December 5 2007 Prof John Kubiatowicz http inst eecs berkeley edu cs162 Biometrics Use of one or more intrinsic physical or behavioral traits to identify someone Examples fingerprint reader palm reader retinal scan Becoming quite a bit more common 12 05 07 Review Private Key Cryptography Single key used for both encryption and decryption Plaintext Unencrypted Version of message Ciphertext Encrypted Version of message Key Decrypt Key Plaintext Plaintext SPY Insecure Transmission ciphertext Lec 26 2 Goals for Today Private Key Symmetric Encryption Encrypt Kubiatowicz CS162 UCB Fall 2007 Public Encryption Use of Cryptographic Mechanisms Authorization Mechanisms Worms and Viruses CIA Important properties Can t derive plain text from ciphertext decode without access to key Can t derive key from plain text and ciphertext As long as password stays secret get both secrecy and authentication Symmetric Key Algorithms DES Triple DES AES 12 05 07 Kubiatowicz CS162 UCB Fall 2007 Lec 26 3 Note Some slides and or pictures in the following are adapted from slides 2005 Silberschatz Galvin and Gagne Gagne Many slides generated from my lecture notes by Kubiatowicz 12 05 07 Kubiatowicz CS162 UCB Fall 2007 Lec 26 4 Public Key Encryption Can we perform key distribution without an authentication server Idea Kpublic Insecure Channel Yes Use a Public Key Cryptosystem Public Key Details Bpublic Aprivate Don t have one key have two Kpublic Kprivate Two keys are mathematically related to one another Really hard to derive Kpublic from Kprivate and vice versa Forward encryption Encrypt cleartext Kpublic ciphertext1 Decrypt ciphertext1 Kprivate cleartext Encrypt cleartext Kprivate ciphertext2 Decrypt ciphertext2 Kpublic cleartext Note that ciphertext1 ciphertext2 Use combination of private and public key Alice Bob I m Alice Aprivate Rest of message Bpublic Provides restricted sender and receiver Public Key Examples RSA Rivest Shamir and Adleman Kpublic of form kpublic N Kprivate of form kprivate N N pq Can break code if know p and q Kubiatowicz CS162 UCB Fall 2007 Lec 26 5 Secure Hash Function Fox Hash Function DFCD3454BBEA788A 751A696C24D97009 CA992D17 The red fox runs across the ice Hash Function 52ED879E70F71D92 6EB6957008E03CE4 CA6945D3 12 05 07 Kubiatowicz CS162 UCB Fall 2007 Lec 26 6 Presumably they are the only ones who know Xprivate Often we think of Xpublic as a principle user Suppose we want X to sign message M Use private key to encrypt the digest i e H M Xprivate Send both M and its signature For instance h1 H M1 is the hash of message M1 h1 fixed length despite size of message M1 Often h1 is called the digest of M1 Hash function H is considered secure if It is infeasible to find M2 with h1 H M2 ie can t easily find other message with same digest as given message It is infeasible to locate two messages m1 and m2 which collide i e for which H m1 H m2 A small change in a message changes many bits of digest can t tell anything about message given its hash Hash function Examples MD5 SHA 1 SHA 256 Kubiatowicz CS162 UCB Fall 2007 But how does Alice know that it was Bob who sent her Bpublic And vice versa Signatures Certificate Authorities Can use Xpublic for person X to define their identity Hash Function Short summary of data message 12 05 07 Alice Insecure Channel Bob Gives message privacy restricted receiver What about authentication Can t derive one from the other 12 05 07 Bprivate Apublic Public keys secure destination points can be acquired by anyone used by anyone Only person with private key can decrypt message Reverse encryption ECC Elliptic Curve Cryptography Public Key Encryption Details can be made public keep Kprivate private Lec 26 7 Signed message M H M Xprivate Now anyone can verify that M was signed by X Simply decrypt the digest with Xpublic Verify that result matches H M Now How do we know that the version of Xpublic that we have is really from X Answer Certificate Authority Examples Verisign Entrust Etc X goes to organization presents identifying papers Organization signs X s key Xpublic H Xpublic CAprivate Called a Certificate Before we use Xpublic ask X for certificate verifying key Check that signature over Xpublic produced by trusted authority How do we get keys of certificate authority Compiled into your browser for instance 12 05 07 Kubiatowicz CS162 UCB Fall 2007 Lec 26 8 Security through SSL SSL Web Protocol Port 443 secure http Use public key encryption for key distribution SSL Pitfalls nc ns certs Netscape claimed to provide secure comm SSL pms Ks So you could send a credit card over the Internet Server has a certificate signed by certificate authority Contains server info organization IP address etc Also contains server s public key and expiration date Three problems reported in NYT Algorithm for picking session keys was predictable used time of day brute force key in a few hours Made new version of Netscape to fix 1 available to users over Internet unencrypted Establishment of Shared 48 byte master secret Client sends 28 byte random value nc to server Server returns its own 28 byte random value ns plus its certificate certs Client verifies certificate by checking with public key of certificate authority compiled into browser Four byte patch to Netscape executable makes it always use a specific session key Could insert backdoor by mangling packets containing executable as they fly by on the Internet Many mirror sites including Berkeley to redistribute new version anyone with root access to any machine on LAN at mirror site could insert the backdoor Also check expiration date Client picks 46 byte premaster secret pms encrypts it with public key of server and sends to server Now both server and client have nc ns and pms 12 05 07 Each can compute 48 byte master secret using one way and collision resistant function on three values Random nonces nc and ns make sure master secret fresh Kubiatowicz CS162 UCB Fall 2007
View Full Document
Unlocking...